package com.aaa.config;

import com.aaa.handler.FailHandler;
import com.aaa.handler.MyAccessDeniedHandler;
import com.aaa.handler.SuccessHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * -*- coding:utf-8 -*-
 *
 * @author 太阳偷渡青山
 * @software IntelliJ IDEA
 * @date 2022/12/29 20:01
 * @Description
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * 创建密码编码器
     *
     * @return {@link PasswordEncoder}
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * 注入密码编码器
     */
    @Autowired
    private PasswordEncoder passwordEncoder;

    /**
     * 构建认证的账户和权限
     *
     * @param auth 身份验证
     * @throws Exception 异常
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser("admin")
                .password(passwordEncoder.encode("123456"))
                .roles("admin")
                .authorities("user:query","user:delete","user:export")
                .and()
                .withUser("cwh")
                .password(passwordEncoder.encode("123456"))
                .roles("test")
                .authorities("user:query","user:export");
    }

    @Autowired
    private SuccessHandler successHandler;
    @Autowired
    private FailHandler failHandler;

    @Autowired
    private MyAccessDeniedHandler accessDeniedHandler;

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        // 放行登录表单资源
//        http.formLogin()
//                // 设置登录成功后的路径。该路径是接口路径，那么提交方式必须为post
//                .loginProcessingUrl("/login")
//                .successForwardUrl("/success")
//                .permitAll();

        http.formLogin()
                //设置登录成功后的处理类
                .successHandler(successHandler)
                //设置登录失败后的处理类
                .failureHandler(failHandler)
                .permitAll();

        // 设置权限不足时，跳转的路径
//        http.exceptionHandling().accessDeniedPage("/fail");

        // 设置权限不足后的处理类
        http.exceptionHandling().accessDeniedHandler(accessDeniedHandler);

        // 方法一：资源绑定
//        http.authorizeRequests()
//                .antMatchers("/user/insert").hasAuthority("user:insert")
//                .antMatchers("/user/delete").hasAuthority("user:delete")
//                .antMatchers("/user/query").hasAuthority("user:query")
//                .antMatchers("/user/update").hasAuthority("user:update")
//                .antMatchers("/user/export").hasAuthority("user:export");

        // 其他请求必须认证后才能访问
        http.authorizeRequests().anyRequest().authenticated();

    }
}
